Migration Guide : Migrating from Version 13.0.1 : GRVASTPlatform>>#secureHashFor: now uses SHA256 algorithm
GRVASTPlatform>>#secureHashFor: now uses SHA256 algorithm
The secure hash used by the Grease framework in the VAST Platform now uses the SHA256 algorithm to produce digests. The implementation is done as a primitive at the VM level with no external dependencies.
Reason for change
The previous implementation used MD5 as its algorithm, which is widely recognized as cryptographically broken, primarily due to its vulnerability to collision attacks where two different inputs can produce the same hash. This weakness severely compromises integrity, as it makes it feasible for malicious actors to manipulate content without detection. Furthermore, MD5's shorter 128-bit digest offers lower resistance to brute-force attempts compared to more modern algorithms.
In contrast, SHA-256 delivers a 256-bit hash that significantly enhances security by increasing both collision and preimage resistance. It has become a widely adopted standard, meeting strict regulatory and compliance requirements.
Action required
If your system used #secureHashFor: to generate keys or perform lookups on already hashed content, you might need to rehash using the new implementation.
Last modified date: 02/21/2025